Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
hapi-uploader
Advanced tools
hapi-uploader
Hapi plugin allowing easy and configurable file uploads
Introduction
Creating a simple route to allow file uploads is pure madness. This plugin allows to register multiple configurable routes, with validation included, that make the burden of file uploading like a walk in the park.
This plugin runs only on Node >=4.0.0.
Example
const Hapi = require('hapi')
const server = new Hapi.Server()
server.connection({ port: 8080 })
server.register({
register: require('hapi-uploader'),
options: {
upload: {path: './'}
}
}, (err) => {
if (err) {
console.log('Failed loading plugin', err)
process.exit(1)
}
server.start((err) => {
if (err) {
console.log('Failed to start the server', err)
process.exit(1)
}
console.log('Server running on - ' + server.info.port)
})
})
API
Options
upload- the upload configuration objectpath- mandatory path to where the files should be uploaded[generateName]- optional function to generate the file names used. It must follow the generateName function signature[maxBytes]- optional number, detailing the max bytes size allowed per file
[route]- optional route configuration object similar to the one used in hapi[path]- optional route path, defaults to/files[auth]- auth object like the one specified by the hapi framework, defaults tofalse[cors]- the Cross-Origin Resource Sharing options. CORS headers are disabled by default (false). To enable, set cors to true, or to an object specified by the hapi framework.[tags]- tags array like the one specified by the hapi framework, defaults toundefined[validate]- optional route validation configuration file[query]- query validation object like the one specified by the hapi framework[params]- params validation object like the one specified by the hapi framework[headers]- headers validation object like the one specified by the hapi framework[auth]- auth validation object like the one specified by the hapi framework[filename]- optional Joi validation object to validate the received filename for each file[extensions]- optional array containing the valid file extensions allowed (use either this option ormimeTypesnot both)[mimeTypes]- optional array containing the valid mime types allowed (use either this option orextensionsnot both)
[preUpload]- optional method to run before an upload request. It must follow the preUpload function signature[postUpload]- optional method to run after an upload request. It must follow the postUpload function signature
generateName(fileName, request)
Method that runs prior to the upload used to generate the name for the file in question. It receives the fileName with which the file was uploaded and the request object such as detailed by the hapi framework. It will run for each file received and it must return a string which will be used to name the file.
preUpload(request, reply)
Method that runs prior to the upload through the route pre-methods documented on the hapi framework. It receives the request and reply object such as detailed by the hapi framework. The response passed to the reply method will be saved on a pre key on the request object and will be available on the postUpload method through request.pre.preUpload
postUpload(request, reply)
Method that runs after the upload through the route pre-methods documented on the hapi framework. It receives the request and reply object such as detailed by the hapi framework. It is possible to access both the results of the preUpload method (if any) and the upload through the request object - request.pre.preUpload and request.pre.file. The response passed to the reply method will be saved on a pre key on the request object and will be used as response to the request.
request.pre.file
This will be the response from the upload and will be available on the postUpload method. It will be an object as follows:
{
mimeType: 'The file mime type',
name: 'The name with which the file was stored'
path: 'Relative path used to save the file'
extension: 'The file extension'
}
Response
The default response, when no error occurred, will be the request.pre.file, without the path prop, which is the result of the upload method. To override the default behaviour return a response on the postUpload method which will be used has response to the client instead.
The default will be an object as follows:
{
mimeType: 'The file mime type',
name: 'The name with which the file was stored'
extension: 'The file extension'
}
Contributing
This project uses standard js.
License
MIT
FAQs
Hapi plugin allowing easy and configurable file uploads
The npm package hapi-uploader receives a total of 3 weekly downloads. As such, hapi-uploader popularity was classified as not popular.
We found that hapi-uploader demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 06 May 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025